Search criteria
34 vulnerabilities found for solutions_business_manager by microfocus
CVE-2019-18947 (GCVE-0-2019-18947)
Vulnerability from nvd – Published: 2021-02-26 03:07 – Updated: 2024-09-16 16:58
VLAI?
Title
information disclosure
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
Severity ?
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:21:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T20:19:00.000Z",
"ID": "CVE-2019-18947",
"STATE": "PUBLIC",
"TITLE": "information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18947",
"datePublished": "2021-02-26T03:07:45.666497Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T16:58:52.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18946 (GCVE-0-2019-18946)
Vulnerability from nvd – Published: 2021-02-26 03:04 – Updated: 2024-09-16 17:28
VLAI?
Title
Session fixation
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
Severity ?
4.8 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:17:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Session fixation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T18:31:00.000Z",
"ID": "CVE-2019-18946",
"STATE": "PUBLIC",
"TITLE": "Session fixation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18946",
"datePublished": "2021-02-26T03:04:38.890602Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T17:28:42.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18945 (GCVE-0-2019-18945)
Vulnerability from nvd – Published: 2021-02-26 03:12 – Updated: 2024-08-05 02:02
VLAI?
Title
privilege escalation
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
Severity ?
7.3 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:25:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-18945",
"STATE": "PUBLIC",
"TITLE": "privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18945",
"datePublished": "2021-02-26T03:12:06",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18944 (GCVE-0-2019-18944)
Vulnerability from nvd – Published: 2021-02-26 03:28 – Updated: 2024-09-16 20:21
VLAI?
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
Severity ?
4.9 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:40.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:28:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T18:03:00.000Z",
"ID": "CVE-2019-18944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18944",
"datePublished": "2021-02-26T03:28:07.976209Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T20:21:38.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18943 (GCVE-0-2019-18943)
Vulnerability from nvd – Published: 2021-02-26 03:32 – Updated: 2024-09-16 19:10
VLAI?
Title
XML External Entity processing
Summary
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
Severity ?
6.1 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:32:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XML External Entity processing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T17:54:00.000Z",
"ID": "CVE-2019-18943",
"STATE": "PUBLIC",
"TITLE": "XML External Entity processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "MISC",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18943",
"datePublished": "2021-02-26T03:32:59.312073Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T19:10:13.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18942 (GCVE-0-2019-18942)
Vulnerability from nvd – Published: 2021-02-26 03:30 – Updated: 2024-09-16 20:52
VLAI?
Title
Stored cross site scripting
Summary
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:30:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T17:27:00.000Z",
"ID": "CVE-2019-18942",
"STATE": "PUBLIC",
"TITLE": "Stored cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18942",
"datePublished": "2021-02-26T03:30:59.295147Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T20:52:31.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3477 (GCVE-0-2019-3477)
Vulnerability from nvd – Published: 2019-06-07 16:17 – Updated: 2024-08-04 19:12
VLAI?
Summary
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
Severity ?
No CVSS data available.
CWE
- open redirect.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
prior to 11.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "prior to 11.4.2"
}
]
}
],
"datePublic": "2019-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "open redirect.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "prior to 11.4.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "open redirect."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3477",
"datePublished": "2019-06-07T16:17:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19644 (GCVE-0-2018-19644)
Vulnerability from nvd – Published: 2019-03-27 17:07 – Updated: 2024-09-17 01:30
VLAI?
Title
Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5
Summary
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
5 (Medium)
CWE
- reflected cross site script
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected cross site script",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19644",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site script"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19644",
"datePublished": "2019-03-27T17:07:17.697306Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T01:30:52.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19643 (GCVE-0-2018-19643)
Vulnerability from nvd – Published: 2019-03-27 17:13 – Updated: 2024-09-17 02:56
VLAI?
Title
Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5
Summary
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
4.7 (Medium)
CWE
- Information Leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:25",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19643",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19643",
"datePublished": "2019-03-27T17:13:45.549175Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T02:56:35.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19642 (GCVE-0-2018-19642)
Vulnerability from nvd – Published: 2019-03-27 16:55 – Updated: 2024-09-17 00:06
VLAI?
Title
Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5
Summary
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
5.1 (Medium)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:54",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19642",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19642",
"datePublished": "2019-03-27T16:55:13.340252Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T00:06:25.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19641 (GCVE-0-2018-19641)
Vulnerability from nvd – Published: 2019-03-27 16:42 – Updated: 2024-09-16 17:47
VLAI?
Title
Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5
Summary
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
6.1 (Medium)
CWE
- Unauthenticated remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:52",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19641",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19641",
"datePublished": "2019-03-27T16:42:08.179702Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-16T17:47:50.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19645 (GCVE-0-2018-19645)
Vulnerability from nvd – Published: 2019-02-12 20:00 – Updated: 2024-09-16 22:55
VLAI?
Title
Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5
Summary
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ eDirectory | NetIQ Access Manager (NAM) |
Affected:
Solutions Business Manager (SBM) , < 11.5
(custom)
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM)",
"vendor": "NetIQ eDirectory",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "Solutions Business Manager (SBM)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:01",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19645",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Solutions Business Manager (SBM)",
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "NetIQ eDirectory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19645",
"datePublished": "2019-02-12T20:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-16T22:55:43.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7682 (GCVE-0-2018-7682)
Vulnerability from nvd – Published: 2018-06-22 22:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
Severity ?
No CVSS data available.
CWE
- Cross-site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7682",
"datePublished": "2018-06-22T22:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T23:31:36.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7683 (GCVE-0-2018-7683)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 01:30
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7683",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T01:30:46.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7681 (GCVE-0-2018-7681)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 02:27
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in \"Favorites\" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7681",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T02:27:04.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7680 (GCVE-0-2018-7680)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-16 20:36
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:04.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:06",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7680",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T20:36:24.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7679 (GCVE-0-2018-7679)
Vulnerability from nvd – Published: 2018-06-21 19:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
Severity ?
No CVSS data available.
CWE
- Client-side remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager 11.4 prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Client-side remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager 11.4 prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-side remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7679",
"datePublished": "2018-06-21T19:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-17T00:15:29.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18943 (GCVE-0-2019-18943)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:32 – Updated: 2024-09-16 19:10
VLAI?
Title
XML External Entity processing
Summary
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
Severity ?
6.1 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:32:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XML External Entity processing",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T17:54:00.000Z",
"ID": "CVE-2019-18943",
"STATE": "PUBLIC",
"TITLE": "XML External Entity processing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611 Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "MISC",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18943",
"datePublished": "2021-02-26T03:32:59.312073Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T19:10:13.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18942 (GCVE-0-2019-18942)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:30 – Updated: 2024-09-16 20:52
VLAI?
Title
Stored cross site scripting
Summary
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
Severity ?
5.5 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:30:59",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stored cross site scripting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T17:27:00.000Z",
"ID": "CVE-2019-18942",
"STATE": "PUBLIC",
"TITLE": "Stored cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18942",
"datePublished": "2021-02-26T03:30:59.295147Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T20:52:31.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18944 (GCVE-0-2019-18944)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:28 – Updated: 2024-09-16 20:21
VLAI?
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
Severity ?
4.9 (Medium)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:40.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:28:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T18:03:00.000Z",
"ID": "CVE-2019-18944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18944",
"datePublished": "2021-02-26T03:28:07.976209Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T20:21:38.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18945 (GCVE-0-2019-18945)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:12 – Updated: 2024-08-05 02:02
VLAI?
Title
privilege escalation
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
Severity ?
7.3 (High)
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:25:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-18945",
"STATE": "PUBLIC",
"TITLE": "privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264 Permissions, Privileges, and Access Controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18945",
"datePublished": "2021-02-26T03:12:06",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18947 (GCVE-0-2019-18947)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:07 – Updated: 2024-09-16 16:58
VLAI?
Title
information disclosure
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
Severity ?
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:21:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "information disclosure",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T20:19:00.000Z",
"ID": "CVE-2019-18947",
"STATE": "PUBLIC",
"TITLE": "information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18947",
"datePublished": "2021-02-26T03:07:45.666497Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T16:58:52.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18946 (GCVE-0-2019-18946)
Vulnerability from cvelistv5 – Published: 2021-02-26 03:04 – Updated: 2024-09-16 17:28
VLAI?
Title
Session fixation
Summary
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
Severity ?
4.8 (Medium)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
< 11.7.1
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.7.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T03:17:24",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Session fixation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-11-21T18:31:00.000Z",
"ID": "CVE-2019-18946",
"STATE": "PUBLIC",
"TITLE": "Session fixation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "\u003c 11.7.1"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm",
"refsource": "CONFIRM",
"url": "http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade SBM to 11.7.1 or later"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-18946",
"datePublished": "2021-02-26T03:04:38.890602Z",
"dateReserved": "2019-11-13T00:00:00",
"dateUpdated": "2024-09-16T17:28:42.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3477 (GCVE-0-2019-3477)
Vulnerability from cvelistv5 – Published: 2019-06-07 16:17 – Updated: 2024-08-04 19:12
VLAI?
Summary
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
Severity ?
No CVSS data available.
CWE
- open redirect.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager |
Affected:
prior to 11.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "prior to 11.4.2"
}
]
}
],
"datePublic": "2019-02-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "open redirect.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-3477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager",
"version": {
"version_data": [
{
"version_value": "prior to 11.4.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "open redirect."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4_2/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-3477",
"datePublished": "2019-06-07T16:17:00",
"dateReserved": "2018-12-31T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19643 (GCVE-0-2018-19643)
Vulnerability from cvelistv5 – Published: 2019-03-27 17:13 – Updated: 2024-09-17 02:56
VLAI?
Title
Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5
Summary
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
4.7 (Medium)
CWE
- Information Leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:25",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19643",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Information Leakage issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19643",
"datePublished": "2019-03-27T17:13:45.549175Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T02:56:35.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19644 (GCVE-0-2018-19644)
Vulnerability from cvelistv5 – Published: 2019-03-27 17:07 – Updated: 2024-09-17 01:30
VLAI?
Title
Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5
Summary
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
5 (Medium)
CWE
- reflected cross site script
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "reflected cross site script",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19644",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "reflected cross site script"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19644",
"datePublished": "2019-03-27T17:07:17.697306Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T01:30:52.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19642 (GCVE-0-2018-19642)
Vulnerability from cvelistv5 – Published: 2019-03-27 16:55 – Updated: 2024-09-17 00:06
VLAI?
Title
Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5
Summary
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
5.1 (Medium)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:54",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19642",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Denial of Service issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19642",
"datePublished": "2019-03-27T16:55:13.340252Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T00:06:25.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19641 (GCVE-0-2018-19641)
Vulnerability from cvelistv5 – Published: 2019-03-27 16:42 – Updated: 2024-09-16 17:47
VLAI?
Title
Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5
Summary
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
6.1 (Medium)
CWE
- Unauthenticated remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager (SBM) |
Affected:
< 11.5
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:20.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager (SBM)",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "\u003c 11.5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:52",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5",
"x_generator": {
"engine": "Vulnogram 0.0.5"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19641",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Unauthenticated remote code execution issue in version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager (SBM)",
"version": {
"version_data": [
{
"version_value": "\u003c 11.5"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.5"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"advisory": "",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19641",
"datePublished": "2019-03-27T16:42:08.179702Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-16T17:47:50.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19645 (GCVE-0-2018-19645)
Vulnerability from cvelistv5 – Published: 2019-02-12 20:00 – Updated: 2024-09-16 22:55
VLAI?
Title
Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5
Summary
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
Severity ?
No CVSS data available.
CWE
- Authentication Bypass
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetIQ eDirectory | NetIQ Access Manager (NAM) |
Affected:
Solutions Business Manager (SBM) , < 11.5
(custom)
|
Credits
Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:44:19.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager (NAM)",
"vendor": "NetIQ eDirectory",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "Solutions Business Manager (SBM)",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication Bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:01",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2019-01-23T01:00:00.000Z",
"ID": "CVE-2018-19645",
"STATE": "PUBLIC",
"TITLE": "Solutions Business Manager (SBM) Authentication Bypass Issue in Version prior to 11.5"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager (NAM)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "Solutions Business Manager (SBM)",
"version_value": "11.5"
}
]
}
}
]
},
"vendor_name": "NetIQ eDirectory"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Special thanks goes to Alessio Sergi of Verizon Enterprise Solutions for responsibly disclosing this CVE."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_5/sbm_release_notes.htm"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) 11.5"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-19645",
"datePublished": "2019-02-12T20:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-16T22:55:43.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7682 (GCVE-0-2018-7682)
Vulnerability from cvelistv5 – Published: 2018-06-22 22:00 – Updated: 2024-09-16 23:31
VLAI?
Summary
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
Severity ?
No CVSS data available.
CWE
- Cross-site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Solutions Business Manager 11.4 |
Affected:
Solutions Business Manager versions prior to 11.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:31:05.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Solutions Business Manager 11.4",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "Solutions Business Manager versions prior to 11.4"
}
]
}
],
"datePublic": "2018-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2018-06-20T00:00:00",
"ID": "CVE-2018-7682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solutions Business Manager 11.4",
"version": {
"version_data": [
{
"version_value": "Solutions Business Manager versions prior to 11.4"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm",
"refsource": "CONFIRM",
"url": "http://help.serena.com/doc_center/sbm/ver11_4/sbm_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-7682",
"datePublished": "2018-06-22T22:00:00Z",
"dateReserved": "2018-03-05T00:00:00",
"dateUpdated": "2024-09-16T23:31:36.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}